GRE Tunnel configuration

Jan 7th, 2008

Hi,


I have to configure the GRE tunnel between Site A and Site B.


1. Site A router is connected to a Cisco PIX 525 and the PIX 525 is in turn connected to the Internet.

2. This router's serial interface is connected to the Site B router through a 512 KB leased line.

3. Site B router is also connected to a Cisco PIX 525 firewall and the firewall is connected to the Internet.

4. Users at both sites access the Internet through the router and through the PIX 525.

5. Both sides' networks are accessible through the routers using a static route.


My requirement is that if the leased line between the sites is down, then the traffic between the sites has to be directed through the PIX 525 over the Internet as a redundant path.


My assumption is as follows:


1. I will configure IPsec site-to-site between the Cisco PIX 525 firewalls.

2. I will configure another static route with a higher metric than the previous route, which is between the serial interfaces of the routers.


3. My firewall is a PIX 525 with 6.13 ios version.


4. My router is a Cisco 1750.


5. Help to configure the GRE tunnel and IP route.


Thanks and Regards,




Hi, you will have to configure a VPN tunnel if you require IPsec. GRE tunnels are useful if you require routing through your tunnel because they will transmit the multicast packets used to maintain routing tables. Have a look at the document below; it contains a configuration for a VPN tunnel on a PIX firewall. HTH


http://www.cisco.com/warp/public/110/38.html


Collin Clark Mon, 01/07/2008 - 13:34

As others said, the *best* way of doing this is to use VPN between your PIX firewalls. You'll also want to upgrade your firewall OS and upgrade to the 3DES license (free). Also, using two static routes will not work. A static route will never disappear from the routing table, so the other route will never "take over". You will need to run a routing protocol internally, then set your static route for the VPN a little higher than the IGP AD.


HTH
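The floating static route described in the reply above, sketched for Router-A as an added example that is not part of the original posts. OSPF is assumed as the IGP, and every interface name and address (Site A LAN 10.1.0.0/16, Site B LAN 10.2.0.0/16, leased line 172.16.0.0/30, PIX inside address 10.1.0.254) is constructed for illustration.

```cisco
! Router-A, Site A (all addresses and interface names are constructed)
interface Serial0
 description Leased line to Router-B
 ip address 172.16.0.1 255.255.255.252
!
interface FastEthernet0
 description Site A LAN, PIX inside interface is 10.1.0.254
 ip address 10.1.0.1 255.255.0.0
!
! Learn the Site B LAN dynamically over the leased line.
! OSPF routes are installed with administrative distance 110.
router ospf 1
 passive-interface FastEthernet0
 network 172.16.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
!
! Remove the existing primary static route, which has AD 1 and
! would otherwise always be preferred over the OSPF-learned route.
no ip route 10.2.0.0 255.255.0.0 172.16.0.2
!
! Floating static route toward the PIX, AD 150 (higher than OSPF's 110).
! It is installed only when the OSPF route for 10.2.0.0/16 is withdrawn,
! i.e. when the adjacency over the leased line is lost.
ip route 10.2.0.0 255.255.0.0 10.1.0.254 150
```

Router-B needs the mirror-image configuration, and the IPsec tunnel between the two PIX firewalls must be defined to protect traffic between the two LAN subnets so that the backup path is encrypted rather than sent in clear over the Internet.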

Lavanholy Fri, 01/11/2008 - 20:31

Hi Mr.Ceclark,


Thanks for the guidance.


I will have an IPsec VPN tunnel between the two sites' firewalls.


My LAN router is connected to the other site's router by means of a leased line. It has a static IP route with a lower metric.


Now I will have another static route in the same router with a higher metric.


Will it work?


Please guide me.


Thanks and Regards,


S.Venkataraman.

Collin Clark Mon, 01/14/2008 - 06:28

It will NOT work. Remember that static routes are always in the routing table. The lower metric route will never disappear and the other route will never be used!

Danilo Dy Fri, 01/11/2008 - 21:49

Hi,


Site-A

Router-A>FW-A>Internet


Site-B

Router-B>FW-B>Internet


Between Site-A and Site-B

Router-A|LeasedLine|Router-B


Is the Internet-facing subnet of the firewall bigger? I'm thinking of a triangular connection between the router, firewall, and provider router. This way, you can run IP GRE over IPsec VPN in the router.


Regards,

Dandy
